167 matches found
CVE-2023-23621
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0....
CVE-2023-23616
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to...
CVE-2023-43814
Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the /polls/groupedpollresults endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where t...
Improper Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization. An attacker can bypass security measures and gain unauthorized access by exploiting this vulnerability. Remediation Upgrade magento/community-editio...
Access Control Bypass
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass that could allow a privileged attacker to escalate privileges. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition enabling the bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11,...
Incorrect Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization enabling the bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9, 2.4.7-p4,...
Improper Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization enabling bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9, 2.4.7-p4, 2.4.8-beta2...
Drupal Diff module < 1.8.0,2.0.0-2.0.0-beta2 - Authenticated Multiple Vulnerabilities
Authenticated Multiple Vulnerabilities discovered by Matthias Vogel in WordPress Module Diff versions 1.8.0,2.0.0-2.0.0-beta2...
Mautic 安全漏洞
Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic 1.0.0-beta2 and earlier versions, which stems from a cross-site scripting issue in the...
SUSE CVE-2024-32464
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...
Drupal Acquia DAM module < 1.0.13,1.1.0-1.1.0-beta2 - Unauthenticated Multiple Vulnerabilities
Unauthenticated Multiple Vulnerabilities discovered by Matt Glaman in WordPress Module Acquia DAM versions 1.0.13,1.1.0-1.1.0-beta2...
PT-2024-10363 · Acquia · Acquia Dam
Name of the Vulnerable Software and Affected Versions: Acquia DAM versions 0.0.0 through 1.0.12 Acquia DAM versions 1.1.0 through 1.1.0-beta2 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability in the Acquia DAM module of the Drupal CMS system. This vulnerability...
CVE-2024-32464
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...
UBUNTU-CVE-2024-32464
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...
CVE-2024-32464 ActionText ContentAttachment can Contain Unsanitized HTML
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...
PT-2024-24592 · Unknown · Actiontext
Name of the Vulnerable Software and Affected Versions: ActionText versions 7.1.0 through 7.1.3.3 ActionText version 7.2.0.beta1 Description: The issue arises from instances of ActionText::Attachable::ContentAttachment included within a rich text area tag, which could potentially contain unsanitiz...
BIT-DISCOURSE-2023-23620 Discourse restricted tag routes leak topic information
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the stable...
BIT-DISCOURSE-2023-23622 Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users
Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...
BIT-DISCOURSE-2023-23624 Discourse's exclude_tags param could leak which topics had a specific hidden tag
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...